Back to skill
Skillv1.0.0
ClawScan security
Knowledge Distill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 25, 2026, 3:15 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's behavior (creating and writing files under a knowledge-base path and honoring a KNOWLEDGE_BASE_PATH env var) is mostly coherent with its description, but the SKILL.md references an undeclared environment variable and will create files in the user's home directory — a mismatch worth noting before install.
- Guidance
- This skill appears to do what it says: it will create a ~/knowledge-base/ directory (or use KNOWLEDGE_BASE_PATH if set) and write categorized markdown notes, but SKILL.md references an environment variable (KNOWLEDGE_BASE_PATH) that is not declared in the skill metadata. Before installing, consider: 1) confirm whether you want the agent to be allowed to create/write files under your home directory and whether to change the default path; 2) ask the publisher to declare KNOWLEDGE_BASE_PATH in the metadata so the env-var use is explicit; 3) test the skill with harmless dummy text to verify it only writes after the promised confirmation; and 4) if you have sensitive data in conversations, be aware those summaries will be stored locally — verify your backup/encoding policies. If you are uncomfortable with automatic creation of files or the broad trigger phrases, do not install or request the author to narrow triggers and explicitly declare the env var usage.
- Findings
[no_code_files_to_scan] expected: The regex-based scanner had nothing to analyze because this is an instruction-only skill (only SKILL.md present). This is expected, but also means the SKILL.md is the primary security surface to review.
Review Dimensions
- Purpose & Capability
- okThe name/description say the skill classifies discussion outcomes and writes them into five kinds of knowledge documents. The instructions exclusively describe creating/maintaining ~/knowledge-base and writing categorized markdown entries — this matches the declared purpose.
- Instruction Scope
- concernThe runtime instructions instruct the agent to check/create ~/knowledge-base and five documents, prepare previews, and only write after user confirmation. However, the SKILL.md also refers to an environment variable KNOWLEDGE_BASE_PATH for custom paths even though no env vars are declared; per evaluation rules this access is a mismatch. The triggers (e.g., '总结一下') are somewhat broad and could activate the skill to prepare previews during normal conversation, though the skill requires confirmation before writing.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files — minimal installation risk and nothing is written to disk by an installer. The only disk writes come from the agent's normal runtime behavior (creating the ~/knowledge-base and files).
- Credentials
- concernDeclared requirements list no environment variables, but SKILL.md documents optional use of KNOWLEDGE_BASE_PATH to override the path. That is an undeclared env-var access and should be declared in metadata. No credentials or unrelated env vars are requested, which is appropriate.
- Persistence & Privilege
- okThe skill does not request always:true, does not modify other skills or system-wide settings, and does not require elevated privileges. It will create and write files in a user-owned directory only after user confirmation.